lost_soul Posted August 11, 2013 Report Share Posted August 11, 2013 If you do not know what I am talking about:http://www.computerworld.com/s/article/9241542/Microsoft_slams_Gmail_s_Gspam_in_latest_Scroogled_attack_ad A few months ago, I fixed a user's machine that was unbootable due to a messed up MBR. Now, the user contacts us and says that while they were checking their email, their machine got taken over by malware. This malware is SIX months old! It is nothing remotely new. When I left this machine the first time, we had set up active AV and applied security updates, and still the fucking OS gets taken over a couple months later, when the user didn't even actively download a file. All they were doing was sifting through and deleting junk mail. So, Microsoft, stop trying to smear your competitors. Fix your swiss-cheese OS so that it can't get hijacked even in the preasance of active AV by simple emails. Your users will thank you. Fortunately when I left this user months ago, I left them with a Knoppix flash drive. All they had to do to keep using the machine was boot from said flash drive. Perhaps next time they check their email, they can use the flash drive too. Quote --- War does not decide who is right, war decides who is left. Link to comment Share on other sites More sharing options...
jaxa Posted August 11, 2013 Report Share Posted August 11, 2013 They have some cojones to dig up the "Scroogled" FUD campaign now that we know both services are part of the PRISM program. Quote Link to comment Share on other sites More sharing options...
lost_soul Posted August 11, 2013 Author Report Share Posted August 11, 2013 Exactly. It frankly doesn't matter if MS or Google want to read my mail because its gonna get scanned anyway! Quote --- War does not decide who is right, war decides who is left. Link to comment Share on other sites More sharing options...
Fidcal Posted August 11, 2013 Report Share Posted August 11, 2013 This is why I only ever use plain text emails. Quote Link to comment Share on other sites More sharing options...
lost_soul Posted August 11, 2013 Author Report Share Posted August 11, 2013 Yep. We don't expect perfectly secure software, but after fifteen years, we do expect some attack vectors to be closed. In this case, the user *knew* the emails they were dealing with were junk and did not want to interract with them except to delete them. Why do all mail services not block images/scripting in mails by default and make a user click a button to enable it? FYI you can get hacked by a simple jpeg file if the OS has a buffer-overflow exploit that hasn't been patched. I'm not aware of any in current Windows, but they have existed in the past. Here's an article about one:http://news.cnet.com/2100-1002_3-5975726.html Quote --- War does not decide who is right, war decides who is left. Link to comment Share on other sites More sharing options...
AluminumHaste Posted August 13, 2013 Report Share Posted August 13, 2013 Buffer overflows into OS memory territory shouldn't happen in Vista,7 or 8. The memory space for the OS is protected, you can't overflow to it, even if you try on purpose. Quote I always assumed I'd taste like boot leather. Link to comment Share on other sites More sharing options...
lost_soul Posted August 13, 2013 Author Report Share Posted August 13, 2013 Well there was also this exploit where all you had to do was plug in a specially crafted USB flash drive, and you became god immediately on the system. Doesn't matter who is logged in, or even if nobody is logged in at all! The problem was in the way Windows identified USB devices at the kernel level. http://fitcom.co/2013/03/13/critical-windows-usb-exploit-allows-flash-drives-to-grant-root-access-patch-issued/ Quote --- War does not decide who is right, war decides who is left. Link to comment Share on other sites More sharing options...
lost_soul Posted August 15, 2013 Author Report Share Posted August 15, 2013 I told them months ago to make recovery disks for this computer. They did not listen to me... nobody ever does. Now, we have removed the malware infestation twice and it just comes back later. If we use the recovery partition, the bad guys can just infect that as well. Quote --- War does not decide who is right, war decides who is left. Link to comment Share on other sites More sharing options...
someTaff Posted August 15, 2013 Report Share Posted August 15, 2013 Started codin in c# two weeks ago, can't imagine how windows even works. I mean it is Java. How wants Java to run their os?! Quote What excuse do we have not to sculpt, and sculpt, and sculpt, until the job is done? Link to comment Share on other sites More sharing options...
jaxa Posted August 15, 2013 Report Share Posted August 15, 2013 Since when is Windows written in Java. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.